Thanks. I didn't know about that extension. Is there a list of all the OAuth extensions somewhere? -- Andrew Arnott "I [may] not agree with what you have to say, but I'll defend to the death your right to say it." - S. G. Tallentyre
On Fri, May 29, 2009 at 6:06 PM, Brian Eaton <[email protected]> wrote: > > On Fri, May 29, 2009 at 5:25 PM, Andrew Arnott <[email protected]> > wrote: > > I don't think the spec addresses the question at all, but my reading from > > section 5.2 suggests that no parameters in the POST entity should be > signed > > unless the content type is application/x-www-form-urlencoded, which means > > that parameters that come along with the image are unsigned. > > I agree with your interpretation of the spec. > > If you care a lot about the integrity of the body, but can't use > something simple like https for your purposes, check out > http://oauth.googlecode.com/svn/spec/ext/body_hash/1.0/oauth-bodyhash.html > . > > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/oauth?hl=en -~----------~----~----~----~------~----~------~--~---
